I have an old Pentium II running Debian Testing to protect my internal network from the Internet. Yesterday, I decided to test this firewall using a site that performs a portscan. I came accross http://www.testmyfirewall.com/ that did exactly what I wanted. This site claimed my internal address (the address of the computer sitting behind the firewall) was exposed to the outside. Yeah, right. After some digging I came accross this post from a guy having the same "problem". It seems that testmyfirewall starts an applet displaying the address of the computer running the applet, which is indeed the one sitting behind the firewall.
So this site does not test your firewall, it only tests your browser which is a different thing.
Just be aware of sites that claim to test your firewall, they're not allways right.